Re: [pfSense Support] DNS cache poisoning
Chris Buechler wrote:
> How is your outbound NAT configured? Even static port won't rewrite the source ports to something incremental, it just retains whatever the source port is.

Automatic outbound NAT rule generation (IPsec passthrough)
Auto created rule for LAN
Static Port NO

Port Forward:
WAN TCP/UDP 53 (DNS) atom (ext.: x.y.z.b) 53 (DNS)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] OpenVPN::Multiple Clients
Hi, Diego!

1.) try the Dynamic IP-option for DHCP-clients
2.) use an address pool that is big enough for all users
3.) use different certs and everything for each user
4.) have the Maximum clients option set for enough users

then it should work...

regards,
Martin

From: Diego A. Gomez [EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 06:18
To: support@pfsense.com
Subject: [pfSense Support] OpenVPN::Multiple Clients

I have an OpenVPN Server (with PfSense). I'm using pki-auth.
My problem is that I can't connect 2 users at the same time. When user A connects, user B is disconnected. Both users can't be connected at the same time (both users have different certs).
What can be the problem?

Thanks!

--
Diego.-
[pfSense Support] deployment confirmation from the experts
Hi,

I have downloaded the latest ISO. Before installing, I would like to confirm the option I am looking for. I am looking to deploy this in my office:

users (pppoe) --- LAN Switch --- PF --- Internet

Users dial using PPPoE to the PF box, and PF authenticates them and gives access to the Internet. Is this possible, along with a log report of when each user dialed in and disconnected?

Can anyone clarify this option and point me to some documents to deploy the same?

ram
[pfSense Support] Re: PPTP and NAT
Chris Buechler wrote:
> Ugo Bellavance wrote:
>> Hi,
>>
>> Is there a way to make it possible to have computers behind a Natting pfsense to connect to a PPTP server on the net? More than one concurrent PPTP connection?
>
> http://www.pfsense.org/index.php?option=com_contenttask=viewid=40Itemid=43
>
> PPTP and GRE Limitation - The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available work around is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. A solution for this is currently under development.

Ok, will a 1-to-1 NAT work?

Regards,
Re: [pfSense Support] DNS cache poisoning
On Tue, Jul 22, 2008 at 1:02 AM, Beat Siegenthaler [EMAIL PROTECTED] wrote:
> Chris Buechler wrote:
>> How is your outbound NAT configured? Even static port won't rewrite the source ports to something incremental, it just retains whatever the source port is.
>
> Automatic outbound NAT rule generation (IPsec passthrough)
> Auto created rule for LAN
> Static Port NO
>
> Port Forward:
> WAN TCP/UDP 53 (DNS) atom (ext.: x.y.z.b) 53 (DNS)

Strange, I'm on the 1.3 alpha snaps and am not seeing this behaviour through my unpatched BIND instance (which tcpdump confirmed was using the same source port and on the outside of pfsense was using what appeared to be random ports). It's possible that this is fixed in the PF import in FreeBSD 7.0, but I'm a little surprised. You might try the 1.2.1 snaps and see if you have better results.

--Bill
Re: [pfSense Support] DNS cache poisoning (solved)
On Tue, Jul 22, 2008 at 1:17 AM, Beat Siegenthaler [EMAIL PROTECTED] wrote:
> Beat Siegenthaler wrote:
>
> Oops, stop the press...
>
> I apologize for the hype. No cause for alarm. Packet dump at the pfSense WAN side shows excellent entropy. I did not realize that there is another DSL natting device between pfSense and the Internet.
> Did I mention it's a standard ZyXEL?
>
> Sorry about this
>
> Beat (me)

lol, thanks!

--Bill
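The check described in this thread, capturing DNS queries at a given point (for example the pfSense WAN side) and looking at whether their source ports stay fixed, climb in sequence, or are spread out, can be scripted. The following is an added example, not part of the original messages; the tcpdump-style sample lines, the addresses (documentation ranges) and the classification thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# tcpdump -n style: "<time> IP <src>.<sport> > <dst>.53: ..." (queries only)
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def dns_source_ports(lines):
    """Map each querying IP to its DNS source ports, in capture order."""
    ports = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            ports[m.group(1)].append(int(m.group(2)))
    return dict(ports)

def classify(ports, min_samples=8):
    """Label a port sequence; thresholds are illustrative assumptions."""
    if len(ports) < min_samples:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "static"            # every query leaves from one port
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if sum(0 < s <= 16 for s in steps) >= 0.8 * len(steps):
        return "incremental"       # ports handed out in order
    if len(set(ports)) < 0.9 * len(ports) or max(ports) - min(ports) < 4096:
        return "low-spread"
    return "randomized"

def audit(lines):
    """Return {source_ip: verdict} for every resolver seen in the capture."""
    return {ip: classify(p) for ip, p in dns_source_ports(lines).items()}

def _capture(src, sports):
    # Constructed sample lines; not taken from any real capture.
    return [f"12:00:{i:02d}.000000 IP {src}.{p} > 192.0.2.53.53: {i}+ A? example.com. (29)"
            for i, p in enumerate(sports)]

SAMPLE = (
    _capture("198.51.100.1", [32768] * 10)                 # fixed source port
    + _capture("198.51.100.2", list(range(1024, 1034)))    # rewritten in sequence
    + _capture("198.51.100.3", [49152, 20311, 61007, 33518, 5842,
                                45290, 27163, 58731, 12904, 39476])
    # A response (source port 53) must not be counted as a query.
    + ["12:00:10.000000 IP 192.0.2.53.53 > 198.51.100.3.39476: 9 1/0/0 A 203.0.113.9 (45)"]
)

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE).items():
        print(ip, verdict)
```

Running the same audit on captures taken at each hop (LAN side, firewall WAN side, outside any further NAT device) shows which device, if any, is flattening the port distribution.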
Re: [pfSense Support] OpenVPN::Multiple Clients
I have checked every one of these points, but my connection fails...
I even checked everything against http://pfsense.iserv.nl/tutorials/openvpn/pfsense-ovpn.pdf

I don't see anything bad in my logs.

What am I doing wrong?

Thanks!

--
Diego.-

2008/7/22 Fuchs, Martin [EMAIL PROTECTED]:
> Hi, Diego!
>
> 1.) try the Dynamic IP-option for DHCP-clients
> 2.) use an address pool that is big enough for all users
> 3.) use different certs and everything for each user
> 4.) have the Maximum clients option set for enough users
>
> then it should work...
>
> regards,
> Martin
>
> From: Diego A. Gomez [EMAIL PROTECTED]
> Sent: Tuesday, July 22, 2008 06:18
> To: support@pfsense.com
> Subject: [pfSense Support] OpenVPN::Multiple Clients
>
> I have an OpenVPN Server (with PfSense). I'm using pki-auth.
> My problem is that I can't connect 2 users at the same time. When user A connects, user B is disconnected. Both users can't be connected at the same time (both users have different certs).
> What can be the problem?
>
> Thanks!
>
> --
> Diego.-

--
Diego.-
Re: [pfSense Support] OpenVPN::Multiple Clients
Are you getting an error message? Could you put up your client logs for us to see?

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
RE: [pfSense Support] Re: PPTP and NAT
Yes ;)

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Ugo Bellavance
Sent: Tuesday, July 22, 2008 3:50 AM
To: support@pfsense.com
Subject: [pfSense Support] Re: PPTP and NAT

Chris Buechler wrote:
> Ugo Bellavance wrote:
>> Hi,
>>
>> Is there a way to make it possible to have computers behind a Natting pfsense to connect to a PPTP server on the net? More than one concurrent PPTP connection?
>
> http://www.pfsense.org/index.php?option=com_contenttask=viewid=40Itemid=43
>
> PPTP and GRE Limitation - The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available work around is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. A solution for this is currently under development.

Ok, will a 1-to-1 NAT work?

Regards,
Re: [pfSense Support] Re: PPTP and NAT
On Tue, Jul 22, 2008 at 12:42 AM, Ugo Bellavance [EMAIL PROTECTED] wrote:
> Ugo Bellavance wrote:
>> Hi,
>>
>> Is there a way to make it possible to have computers behind a Natting pfsense to connect to a PPTP server on the net? More than one concurrent PPTP connection?
>
> I forgot to add that we're using PPTP to connect remotely. We could probably find another way to connect if we would need to make outgoing PPTP work.

Actually, I have the fix for multiple outgoing PPTP to the same site, just tracing a problem it has for redirecting the PPTP connections. If you want to test it, I will be happy to supply something.

> Regards,
>
> Ugo

--
Ermal
[pfSense Support] Re: PPTP and NAT
Tim Dickson wrote:
> Yes
[pfSense Support] Re: PPTP and NAT
Tim Dickson wrote:
> Yes ;)

Thanks a lot for your very fast reply :).

Ugo
[pfSense Support] Re: [SPAM] Re: [pfSense Support] OpenVPN::Multiple Clients
Try to add the following to your clients config:

ping 10
ping-restart 60

that should help...

regards and good luck...

martin

-----Original Message-----
From: Diego A. Gomez [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2008 17:20
To: support@pfsense.com
Subject: [SPAM] Re: [pfSense Support] OpenVPN::Multiple Clients

I see something like a timeout problem...

[Finish of client A]
Tue Jul 22 12:07:48 2008 TUN/TAP device tun0 opened
Tue Jul 22 12:07:48 2008 TUN/TAP TX queue length set to 100
Tue Jul 22 12:07:48 2008 ifconfig tun0 10.12.0.6 pointopoint 10.12.0.5 mtu 1500
Tue Jul 22 12:07:48 2008 route add -net 192.168.20.0 netmask 255.255.255.0 gw 10.12.0.5
Tue Jul 22 12:07:48 2008 route add -net 10.20.0.2 netmask 255.255.255.255 gw 10.12.0.5
Tue Jul 22 12:07:48 2008 GID set to nogroup
Tue Jul 22 12:07:48 2008 UID set to nobody
Tue Jul 22 12:07:48 2008 Initialization Sequence Completed

[Then after 1 or 2 minutes... the same client A]
Tue Jul 22 12:09:48 2008 [xxx.xxx.com] Inactivity timeout (--ping-restart), restarting
Tue Jul 22 12:09:48 2008 TCP/UDP: Closing socket
Tue Jul 22 12:09:48 2008 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jul 22 12:09:48 2008 Restart pause, 2 second(s)
Tue Jul 22 12:09:50 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 22 12:09:50 2008 Re-using SSL/TLS context
Tue Jul 22 12:09:50 2008 LZO compression initialized

If I have only 1 client, all works fine. There aren't bandwidth problems...

Thanks!

--
Diego.-

2008/7/22 Curtis LaMasters [EMAIL PROTECTED]:
> Are you getting an error message? Could you put up your client logs for us to see?
>
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com

--
Diego.-